Are You Putting Your Agency’s Reputation on the Line?

How to manage integrity risks.

Risk is unavoidable in carrying out an organization’s objectives. Whether we’re talking about a government agency or a private sector hospital, providing services to people is surrounded by uncertainty. While organizations cannot respond to all risks, one of the most salient lessons from high-profile crises and scandals is that both public and private sector organizations should strengthen their risk management practices to address integrity issues.

Federal agencies would be well-advised to identify, evaluate, and manage challenges related to mission delivery and minimize risk to a tolerable level. In fact, the Office of Management and Budget recently updated Circular A-123 to ensure managers are addressing risks as they monitor day-to-day operations and develop strategic objectives for their agencies.

In the IBM Center for the Business of Government report Ten Recommendations for Managing Organizational Integrity Risks, Kent State University’s Tony Molina offers tools to help managers uphold their agencies’ reputation and meet the requirements of Circular A-123. Integrity risks should be a central concern for managers at all levels of government because the lack of trust in public institutions is eroding their effectiveness.

Identifying the Problem

There are two types of integrity issues that organizations must monitor:

  • Integrity violations are actions on the part of an organization’s members that undermine its purposes and values.
  • Integrity risks are conditions and behaviors that increase an organization’s vulner­ability to integrity violations.

Effectively managing integrity risks involves identifying and mitigating the factors that contrib­ute to them, including:

  • The organization’s ethical climate
  • Perceptions of unfairness in how employees are treated
  • Diffusion of responsibility
  • Conflicts over roles
  • The way performance is managed

Building Integrity

An organizational integrity system incorporates the following:

  • Compliance-based tools that focus on control mechanisms to ensure legal compli­ance, including codes of conduct, employee monitoring, reporting procedures and disciplinary measures.
  • Values-based tools aimed at ensuring the organization’s core values are reflected in its day-to-day activities.

The key is to strike the right balance. The right combination of compliance- and values-based tools must be suited to a particular institutional context; there is no one-size-fits-all approach.

The IBM Center report examines the approaches of four large health care organizations: the Cleveland Clinic, Mayo Clinic, Veterans Health Administration and Military Health System.  Health care organizations operate under close scrutiny in a highly regulated environment that carries significant penalties for noncompliance. Integrity risks may be divided into several broad areas, including compliance with regulations, and integrity of business practices, the clinical practice and research.

In the cases of Cleveland Clinic and Mayo Clinic, well-integrated systems of compliance and values-based tools are highly successful in creating organizational cultures that promote integrity. As a result, both organizations have a clearly defined sense of purpose around which their resources are marshaled, and core values are effectively integrated into daily routines and practices.

The VHA case illustrates the importance of an organizational culture that supports ethical practices in the workplace. In recent years, gaps have been identified that may pose integrity risks. Along with promoting the Veterans Affairs Department’s ICARE val­ues of integrity, commitment, advocacy, respect and excellence, VHA emphasizes these principles through the IntegratedEthics program. Interestingly, according to Molina’s report, despite the fragmented nature of the MHS ethics program, it has been remarkably successful in maintaining an organizational culture that promotes integrity. This success largely can be attributed to the military’s ability to instill core values and a shared sense of purpose in its members.

10 Ways to Manage Integrity Risk

The fol­lowing recommendations can help create an organizational culture that supports integrity:

  • Balance emphasis on compliance-based rules and sanctions with values-based incentives.
  • Ensure that all members of the organization understand that they have a responsibility to promote integrity.
  • Implement integrity initiatives in terms of concrete behaviors.
  • Explicitly incorporate values into decision-making processes.
  • Provide ongoing training for integrity-related practices.
  • Align the formal elements of organiza­tional culture with the informal elements.
  • Facilitate open communication about integrity-related issues, and recognize and reward ethical conduct.
  • Provide a mechanism for members to consult about integrity-related issues.
  • Conduct systemic integrity risk assessments on an ongoing basis.
  • Align performance management systems with the organization’s ethical goals.

Related IBM Center reports include: Managing Risk, Improving Results: Lessons from Improving Government Management from GAO’s High-Risk List by the University of Maryland’s Donald Kettl  and Improving Government Decision-Making through Enterprise Risk Management by Doug Webster of George Washington University and Tom Stanton of Johns Hopkins University.

Michael J. Keegan is the host of the IBM Center’s Business of Government Hour radio show and editor of The Business of Government magazine.